Improve ports configuration

modules/infrastructure/variables.tf

@@ -23,8 +23,6 @@ variable "services" {
       name = string
       type = string
     })))
-    ports = optional(list(string))
-    certificates = optional(list(string))
     auth = bool
     auth_cert = optional(string)
     auth_redirects = optional(list(string))

modules/services/variables.tf

@@ -14,8 +14,6 @@ variable "services" {
       name = string
       type = string
     })))
-    ports = optional(list(string))
-    certificates = optional(list(string))
     auth = bool
     auth_cert = optional(string)
     auth_redirects = optional(list(string))

playbooks/filter_plugins/service_filters.py

@@ -5,6 +5,7 @@ class FilterModule(object):
             'services_to_dnscontrol': self.services_to_dnscontrol,
             'services_get_backups': self.services_get_backups,
             'service_get_backups': self.service_get_backups,
+            'services_ports_to_docker': self.services_ports_to_docker,
             'service_get_domain': self.service_get_domain,
         }
 
@@ -46,6 +47,14 @@ class FilterModule(object):
                     return dns_0.get("domain")
         return None
 
+    def services_ports_to_docker(self, ports, type_filter=None):
+        result = []
+        for port in ports:
+            if type_filter and port.get("type") != type_filter:
+                continue
+            result.append(f"{port['port']}:{port['port']}/{port['protocol']}")
+        return result
+
     def services_to_dnscontrol(self, services):
         result = {}
         for service in services:

playbooks/roles/caddy/vars/main.yml

@@ -6,7 +6,7 @@ caddy_acmedns_url: "https://{{ acme_dns.host }}"
 
 caddy_ports_default:
   - "{{ host_vpn.ip }}:2019:2019"
-caddy_ports_extra: "{{ host_services | map(attribute='ports') | flatten }}"
+caddy_ports_extra: "{{ host_services | map(attribute='ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
 caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"
 
 caddy_env:

services.auto.tfvars

@@ -42,9 +42,21 @@ services = {
     name = "caddy"
     host = "*"
     ports = [
-      "80:80",
+      {
-      "443:443",
+        port = 80
-      "443:443/udp",
+        protocol = "tcp"
+        type = "reverse_proxy"
+      },
+      {
+        port = 443
+        protocol = "tcp"
+        type = "reverse_proxy"
+      },
+      {
+        port = 443
+        protocol = "tcp"
+        type = "reverse_proxy"
+      },
       #"2019:2019",
     ]
     auth = false
@@ -418,7 +430,13 @@ services = {
       url = "/_matrix/client/versions"
       group = "4-services"
     }
-    ports = ["8448:8448"]
+    ports = [
+      {
+        port = 8448
+        protocol = "tcp"
+        type = "reverse_proxy"
+      }
+    ]
     auth = true
     auth_redirects = ["https://matrix.serguzim.me/_synapse/client/oidc/callback"]
     database = true

variables.tf

@@ -145,7 +145,11 @@ variable "services" {
       group = optional(string)
       conditions = optional(list(string))
     }))
-    ports = optional(list(string))
+    ports = optional(list(object({
+      port = number
+      protocol = string
+      type = string
+    })))
     certificates = optional(list(string))
     auth = bool
     auth_cert = optional(string)